
Keyless Attestation Support #835

Closed
spiffcs opened this issue Feb 17, 2022 · 14 comments
Labels: enhancement (New feature or request)

@spiffcs
Contributor

spiffcs commented Feb 17, 2022

What would you like to be added:
Support for Sigstore's "Keyless Workflow" in the syft attest command

With the addition of #510 in #785 syft is now able to produce a signed attestation with the generated SBOM as the predicate.

We want to see ephemeral keys and certificates (automatically signed by fulcio) supported where signatures are stored in the rekor transparency log.

Users will no longer have to pass an on-disk key and can use attest in the same way they sign other entities with cosign today.

Why is this needed:
Supporting the keyless workflow means Syft users can generate signed SBOM attestations without needing to manage their own keys. Additionally, the keyless workflow provides a stronger way to bind identities (from OIDC) to signatures in a highly discoverable manner, which is valuable to downstream SBOM consumers looking to trust where the SBOM came from.

Additional context:
See #510 for greater attestation roadmap.
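To make concrete what the attest command emits and what a downstream consumer should check before trusting the SBOM inside it, here is an added Python example (not code from the syft or cosign projects); the digest, predicate type and signature in it are constructed placeholders.

```python
# Added example (not syft's or cosign's own code). `syft attest` / `cosign attest`
# emit a DSSE envelope wrapping an in-toto Statement whose predicate is the SBOM.
# Keyless signing changes who signs (ephemeral key + Fulcio cert, logged in Rekor),
# not this structure, so a consumer applies the same structural checks either way.
import base64
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the exact bytes a DSSE signature covers."""
    pt = payload_type.encode()
    return b"DSSEv1 %d %s %d %s" % (len(pt), pt, len(payload), payload)

def inspect_attestation(envelope_json: str, expected_digest: str) -> dict:
    """Decode the envelope and check its subject against the pinned image digest.

    Signature verification itself (over pae(...), using the Fulcio-issued
    certificate) is cosign's job; this checks the structure around it and
    raises ValueError on a bad payloadType, no signatures, or subject mismatch.
    """
    env = json.loads(envelope_json)
    if env.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    if not env.get("signatures"):
        raise ValueError("envelope carries no signatures")
    payload = base64.b64decode(env["payload"])
    statement = json.loads(payload)
    algo, _, want = expected_digest.partition(":")  # e.g. "sha256", "ab..."
    matched = [s for s in statement.get("subject", [])
               if s.get("digest", {}).get(algo) == want]
    if not matched:
        raise ValueError("attestation subject does not match image digest")
    return {"predicateType": statement["predicateType"],
            "subject": matched[0]["name"]}

# Constructed sample: digest, predicate type and signature are placeholders.
SAMPLE_DIGEST = "sha256:" + "ab" * 32
_statement = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://example.invalid/sbom",  # placeholder predicate type
    "subject": [{"name": "docker.io/example/age", "digest": {"sha256": "ab" * 32}}],
    "predicate": {"artifacts": []},  # the SBOM document would sit here
}
SAMPLE_ENVELOPE = json.dumps({
    "payloadType": IN_TOTO_PAYLOAD_TYPE,
    "payload": base64.b64encode(json.dumps(_statement).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "PLACEHOLDER"}],
})
```

The subject check is the part a consumer most often skips: an envelope whose signature verifies but whose subject digest is not the image you pulled proves nothing about that image.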

@developer-guy
Contributor

We (w/ @Dentrax) would like to give a hand to this, please let us know if there is anything we can help with 🙋🏻‍♂️

@spiffcs
Contributor Author

spiffcs commented Mar 21, 2022

@developer-guy That would be awesome. I'm working on an initial pass today - Are you and @Dentrax free tomorrow so I can get feedback on what you want to see included and what a "complete" keyless experience looks like here?

@spiffcs
Contributor Author

spiffcs commented Mar 22, 2022

@developer-guy here is a branch with the rough edges working.

https://github.com/anchore/syft/tree/835-keyless-attestation-upgrade

I'm currently trying to get a localized integration test stood up so we can exercise all the different flows.

go run main.go attest <YOUR_IMAGE> > attestation.json should let you give it a spin.


@spiffcs spiffcs added the WIP work in progress / do not merge label Apr 7, 2022
@spiffcs spiffcs removed the WIP work in progress / do not merge label May 7, 2022
@spiffcs
Contributor Author

spiffcs commented May 7, 2022

The initial changes for this have been merged in #910. I'm going to leave this issue open as there are probably a few improvements and expansions to be made past the initial support of keyless.

@jauderho

jauderho commented May 9, 2022

Right now I use

          cosign sign docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }}
          syft docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }} -o json > docker_sbom.json
          cosign attest --predicate docker_sbom.json docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }}
          cosign verify-attestation docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }}

Just to confirm that with this change, I'll be able to do the following instead?

          cosign sign docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }}
          syft attest -o syft-json docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }} 
          cosign verify-attestation docker.io/${{ env.REPOSITORY }}@${{ steps.push-step.outputs.digest }}

COSIGN_EXPERIMENTAL=1 is set elsewhere.

@spiffcs
Contributor Author

spiffcs commented May 10, 2022

@jauderho! That's correct. I just ran this on my local environment and verified the workflow for an image I use. If you have any issues or suggestions for improving this based on your use case let me know on this issue and we can get the ball rolling there.

jauderho added a commit to jauderho/dockerfiles that referenced this issue May 17, 2022
Switch to keyless syft attestation. 

See anchore/syft#835 (comment)
@jauderho

Hmm, I'm getting an error when I try this. See https://github.com/jauderho/dockerfiles/runs/6480238360?check_suite_focus=true

open cosign.key: no such file or directory

Here's the full output if you are not able to get to the first link: https://gist.github.com/jauderho/e9b7293bbaa3f2e4c5dde09607b586aa

Not sure why it's trying to open a key if this is supposed to be keyless.

Here's the change that I made in my workflow: jauderho/dockerfiles@9f37033

On a possibly related note, I have been seeing some weirdness with GHCR recently where I am unable to successfully push a different image. Not sure if that is the cause.

@spiffcs
Contributor Author

spiffcs commented May 26, 2022

@jauderho I'll take a look and see if I can replicate the issue you're seeing. When doing the default flow you should not see a cosign.key.

Which version of syft are you using?

@jauderho

jauderho commented May 26, 2022

@spiffcs

Looking at the output from that run, it appears to be v0.44.1. I'd further point out that it seems to be working fine with Docker Hub, just not GHCR.

I'll try a run with GHCR commented out to see what happens.

Run anchore/sbom-action/download-syft@bb716408e75840bbb01e839347cd213767269d4a
  with:
  env:
    BUILD_VERSION: v1.0.0
    DOCKER_CLI_EXPERIMENTAL: enabled
    REPOSITORY: ***/age
/usr/bin/sh /home/runner/work/_temp/4c3c65d1-8526-4a9b-883f-f2cfde297e79 -d -b /home/runner/work/_temp/4c3c65d1-8526-4a9b-883f-f2cfde297e79_syft v0.44.1
[debug] checking github for release tag='v0.44.1' 
[debug] http_download(url=https://github.com/anchore/syft/releases/v0.44.1) 
[info] fetching release script for tag='v0.44.1' 
[debug] http_download(url=https://raw.githubusercontent.com/anchore/syft/v0.44.1/install.sh) 
[debug] checking github for release tag='v0.44.1' 
[debug] http_download(url=https://github.com/anchore/syft/releases/v0.44.1) 
[info] using release tag='v0.44.1' version='0.44.1' os='linux' arch='amd64' 
[debug] downloading files into /tmp/tmp.OmdePTK3eF 
[debug] http_download(url=https://github.com/anchore/syft/releases/download/v0.44.1/syft_0.44.1_checksums.txt) 
[debug] http_download(url=https://github.com/anchore/syft/releases/download/v0.44.1/syft_0.44.1_linux_amd64.tar.gz) 
[info] installed /home/runner/work/_temp/4c3c65d1-8526-4a9b-883f-f2cfde297e79_syft/syft 

@jauderho

Looks like if I comment out GHCR, my run with just Docker Hub now fails. Feels like there might be an off-by-one issue somewhere, as I was previously able to push the signature successfully to Docker Hub.

Run cosign sign docker.io/***/age@sha256:3b3cc8b88aa2476fea72311d1113dc311b0c31ee87d2c4634167779d76ef7b5b
Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...
tlog entry created with index: 2443309
Pushing signature to: index.docker.io/***/age
Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...
tlog entry created with index: 2443311
Pushing signature to: ghcr.io/***/age
open cosign.key: no such file or directory
Error: Process completed with exit code 1.

Compare this to the prior run

Run cosign sign docker.io/***/age@sha256:39a48b7b86fb16babf0475f7a8847f4e985be5502a252032aaf716b97a6fc092
  cosign sign docker.io/***/age@sha256:39a48b7b86fb16babf0475f7a8847f4e985be5502a252032aaf716b97a6fc092
  cosign sign ghcr.io/***/age@sha256:39a48b7b86fb16babf0475f7a8847f4e985be5502a252032aaf716b97a6fc092
  syft attest -o syft-json docker.io/***/age@sha256:39a48b7b86fb16babf0475f7a8847f4e985be5502a252032aaf716b97a6fc092
  syft attest -o syft-json ghcr.io/***/age@sha256:39a48b7b86fb16babf0475f7a8847f4e985be5502a252032aaf716b97a6fc092
  shell: /usr/bin/bash -e {0}
  env:
    BUILD_VERSION: v1.0.0
    DOCKER_CLI_EXPERIMENTAL: enabled
    REPOSITORY: ***/age
    COSIGN_EXPERIMENTAL: 1
Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...
tlog entry created with index: 2378066
Pushing signature to: index.docker.io/***/age
Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...
tlog entry created with index: 2378067
Pushing signature to: ghcr.io/***/age
open cosign.key: no such file or directory
Error: Process completed with exit code 1.

@spiffcs
Contributor Author

spiffcs commented May 31, 2022

Definitely a bug with GHCR - I'm going to close this issue since we confirmed attestation support is working, but open a new bug specific to GHCR and tag you in it - does that sound good?

@jauderho

@spiffcs We can follow up on the other thread that you created but to be clear this is not a GHCR only bug IMO.

--

Reposting from the other thread.

Also, if you look at my last comment, it appears *NOT* to be a GHCR only bug and more of a # of registries targeted bug. I reconfigured my workflow to *only* use Docker Hub and it still fails (when Docker Hub is the only registry defined).

@spiffcs
Contributor Author

spiffcs commented May 31, 2022

Thanks for pointing that out! Sorry for missing that detail originally.

@jauderho

jauderho commented Aug 8, 2022

@spiffcs Just checking in to see if there have been any new developments with addressing this?
